deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
1694 commits 3 branches 18 tags 34 MiB
Commit graph

1694 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jacques Distler 0ddd422059 Sync with latest HTML5lib 2007-06-11 23:33:06 -05:00
Jacques Distler c2bfdefa57 Another XSS fix 
Yet another interesting XSS attack from 
  http://ha.ckers.org/xss.html
 2007-06-11 00:03:51 -05:00
Jacques Distler aac197430c More XSS vectors defanged 2007-06-10 15:07:26 -05:00
Jacques Distler a6cbf38304 Table elements, too 
Last fixup for the sanitizer tests.
 2007-06-09 22:53:35 -05:00
Jacques Distler 6b2ec7354b Rationalize Sanitizer Tests 2007-06-09 22:21:50 -05:00
Jacques Distler a68d1aa8f3 Sanitizer API documentation now online 
See:
   http://golem.ph.utexas.edu/~distler/code/rdoc/sanitize/
 2007-06-08 23:51:30 -05:00
Jacques Distler f818238dd3 Consolidation 
Shuffled around a couple of files.
 2007-06-08 22:39:37 -05:00
Jacques Distler 3bf560c3b3 Updated to Latest HTML5lib 
Synced with latest HTML5lib.
Added some RDoc-compatible documentation to the sanitizer.
 2007-06-08 17:26:00 -05:00
Jacques Distler 8badd0766a Enhancements to sanitize.rb 
Options, options, ... options.
 2007-06-08 01:23:09 -05:00
Jacques Distler 0298868573 Fix S5 Unicode 
Make sure sanitize_xhtml and sanitize_html are set to utf-8 encoding.
Also, a stylesheet tweak.
 2007-06-07 17:30:42 -05:00
Jacques Distler 86a7577975 Renamed one function. 2007-06-06 14:36:54 -05:00
Jacques Distler 0012efcfb4 Fixed Porting Error in HTML5lib Serializer 2007-06-06 08:44:57 -05:00
Jacques Distler 8846b2cda5 Sync with Latest HTML5lib 
Some more tweaks
 2007-06-06 08:12:03 -05:00
Jacques Distler fd183eac04 More Tests 
Put the Serializer version of the Sanitizer through its paces.
 2007-06-06 00:56:43 -05:00
Jacques Distler e1acebe6e4 Bugfix 
Me stoopid.
 2007-06-05 18:06:26 -05:00
Jacques Distler f0cf0ec625 Sanitize REML trees 
OK. Enabled sanitization of rexml trees instead of strings.
My timing tests seem to be erratic. Can't tell whether this is really faster.
 2007-06-05 17:13:44 -05:00
Jacques Distler bd8ba1f4b1 REXML Trees 
Synced with latest HTML5lib.
Added preliminary support (currently disabled) for sanitizing REXML trees.
 2007-06-05 16:34:49 -05:00
Jason Blevins aadfb55342 Merged with latest trunk. 2007-06-04 22:47:59 -04:00
Jacques Distler 4dd70af5ae HTML5lib is Back. 
Synced with latest version of HTML5lib, which fixes problem with Astral plane characters.
I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer.
 2007-05-30 10:45:52 -05:00
Jacques Distler e1a6827f1f Rollback Switch to HTML5lib 
Apparently, HTML5lib does not handle astral plane unicode characters correctly.
Which makes it useless.
Return to the previous sanitizer.
 2007-05-29 23:57:39 -05:00
Jacques Distler bc0153c23f A few more MIME Types 
Add a few more likely suspects.
 2007-05-29 23:02:19 -05:00
Jacques Distler 162a00bed4 WEBrick MIME Types 
Add some MIME Types to WEBrick's woefully short list of recognized MIME Types.
(A bas 'application/octet-stream'!)
 2007-05-29 22:39:35 -05:00
Jacques Distler 3df61e352d Fix for IE7+MathPlayer. 
Based on

    http://lists.w3.org/Archives/Public/www-math/2007May/0044.html

I've altered the Content-Type header sent to IE+MathPlayer. Rationale is
explained in 

    http://lists.w3.org/Archives/Public/www-math/2007May/0045.html
 2007-05-29 17:10:20 -05:00
Jacques Distler dc629f5c07 Do Content-negotiation for Cached Content 
The action_cache plugin broke our content-negotiation.
Fixed.
 2007-05-28 12:48:42 -05:00
Jacques Distler 5db9b7d3ea Fixed action_cache Plugin 
The action_cache plugin had Conditional GET (If-Modified-Since) support. I added ETag (If-None-Match) support.
 2007-05-26 14:11:53 -05:00
Jacques Distler c67cfbc52d Sanitize tests moved 
Sanitize tests are now in the vendor/plugins/HTML5lib/tests/ directory.
 2007-05-25 22:58:12 -05:00
Jacques Distler d62b880e3f ETags and Action Caching 
Added the action_cache plugin

    http://agilewebdevelopment.com/plugins/action_cache

which does action-caching with ETags support. The built-in Rails ETags "solution" sucks, because it forces a page-rerender, even when the content is unchanged.
 2007-05-25 22:52:42 -05:00
Jacques Distler 6b21ac484f HTML5lib Sanitizer 
Replaced native Sanitizer with HTML5lib version.
Synced with latest Maruku.
 2007-05-25 20:52:27 -05:00
Jacques Distler 457ec8627c ETag Support from Edge-Rails 
Added ETag support from

   http://dev.rubyonrails.org/changeset/6158
 2007-05-18 16:53:58 -05:00
Jacques Distler e4e26400ef One more file... 
This one was missed by Revision 519 in Instiki Trunk. Fixed in my branch.
 2007-05-11 12:42:18 -05:00
Jacques Distler 342f10acf6 Corrected Typo 
Fixed typo in one file from previous update.
 2007-05-11 12:34:21 -05:00
Jacques Distler 3b6cd309ff Sync with Instiki Trunk 
Sync with Revision 519 of Instiki trunk (2007/5/7).
 2007-05-11 11:47:38 -05:00
Matt MacGillivray 36b86a9d41 Removed deprecation errors for rails 1.2.3. Corrected test case failures as a result of updated features and functionality 2007-05-07 22:46:00 +00:00
Jacques Distler b0e063451f Sanitize Tweak 
Add 'cite' to the list of attributes whose values are URI's.
 2007-04-28 02:09:21 -05:00
Jacques Distler 9b55a75570 More SVG Elements and Attributes 
Added <tspan> and <marker>, as well as a slew of related SVG attributes.
Also an SVG-related stylesheet tweak
 2007-04-27 21:52:29 -05:00
Jacques Distler 6ca6525ff7 Add another SVG attribute to Sanitize. 
Add 'stroke-opacity' to list of allowed SVG attributes.
 2007-04-20 16:09:55 -05:00
Jacques Distler 493803cfd1 Atom Feeds (bis) 
Remove some vestiges of RSS 2.0.
 2007-04-13 17:20:14 -05:00
Jacques Distler 3a57d3aade Atom Feeds 
Replaced Instiki's RSS 2.0 feeds with Atom 1.0 feeds.
 2007-04-13 17:04:03 -05:00
Jacques Distler 81d71854c0 Sync with latest Instiki. 
Syn with revision 518 of Instiki trunk.
 2007-04-08 17:35:33 -05:00
Matthias Tarasiewicz 322a09274f in response to #406 - commented out parts in the css that would render the admin part ununsable. still needs research. 2007-04-08 20:12:23 +00:00
Matthias Tarasiewicz 40a71e80d9 fixes #439 by patch from alex eagle 2007-04-08 19:37:47 +00:00
Jacques Distler 3ce0b98d99 File Security Redux. 
Hopefully, this will fix the world-writable-files problem with Rails, once and for all.
 2007-03-31 10:06:51 -05:00
Jacques Distler 19889c98d4 Safari's DOM support in XHTML is horribly broken. Send it S5 slideshows as text/html. (Sorry: no inline SVG for you!) 
Turn on Maruku's Math support in S5 slideshows, only if corresponding Web is Math-enabled.
 2007-03-30 12:25:59 -05:00
Jacques Distler 0db06a9fa3 To be really XML-safe, don't emit XHTML+MathML named entities. (Ported MathML::Entities to Ruby.) 2007-03-29 03:30:10 -05:00
Jacques Distler 9b9d134ad9 Fix upgrade to Rails 1.2.3. 
Fix log-rotation (the previous attempt didn't quite work as advertised).
 2007-03-21 15:37:29 -05:00
Jacques Distler 7adac51d6d Sync with latest Instiki trunk. Changes: 
1) Upgrade Rails to 1.2.3
2) Revert RedCloth to previous version (who %#$@ cares?)
3) Preserve the Rails Security fix  to vendor/rails/actionpack/lib/action_controller/caching.rb from Revision 80.
 2007-03-18 11:56:12 -05:00
Matthias Tarasiewicz ca9e155c17 reverted redcloth to 3.0.3 (fixes formatting bugs) 
upgraded integrated rails to 1.2.3
 2007-03-18 10:20:35 +00:00
Jacques Distler ff3e03a45a Switched from XHTML+MathML to XHTML+MathML+SVG DOCTYPE. Silly, I know ... 2007-03-16 01:10:52 -05:00
Jacques Distler f92ed693c0 Log rotation. By default, we now use the standard Ruby Logger class to rotate the Instiki logfile. 
This works fine with the default Webrick. But, if you're running under Mongrel (say), you probably
want to customize this in config/environments/production.rb .
 2007-03-13 14:54:43 -05:00
Jacques Distler c704f899af File uploads now work. 2007-03-10 22:31:24 -06:00